package ruifight.member.config;

import javax.annotation.Resource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;

import ruifight.member.service.security.SecurityProvider;


@Configuration
public class InterfaceSecurityConfig extends WebSecurityConfigurerAdapter {
	@Resource
	private SecurityProvider securityProvider;

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.cors().and().csrf().disable().authorizeRequests()
          .antMatchers(HttpMethod.POST, "/interface/login").permitAll()
          .anyRequest().authenticated()
          .and()
          .addFilter(new JWTLoginFilter(authenticationManager()))
          .addFilter(new JWTAuthenticationFilter(authenticationManager()))
          .exceptionHandling().accessDeniedHandler(getAccessDeniedHandler())
          .authenticationEntryPoint(getAuthenticationEntryPoint());
		super.configure(http);
	}

	@Bean
	public AuthenticationEntryPoint getAuthenticationEntryPoint() {
	    return new EntryPointUnauthorizedHandler();
	}

	@Bean
	public AccessDeniedHandler getAccessDeniedHandler() {
	    return new RestAccessDeniedHandler();
	}
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.authenticationProvider(securityProvider);
		super.configure(auth);
	}

	@Override
	public void configure(WebSecurity web) throws Exception {
		web.ignoring().antMatchers("/interface/wx/openId/**")
			.antMatchers("/interface/wx/pay/callback")
			.antMatchers("/interface/tx/getVideo/**")
			.antMatchers("/interface/getShopPhoto/**")
			.antMatchers("/wxgzh/**")
			.antMatchers("/**/*.html")
			.antMatchers("/**/*.js")
			.antMatchers("/**/*.css")
			.antMatchers("/**/*.txt");
		super.configure(web);
	}
}
